← volver
CVE-2023-26143

CVE-2023-26143

CVSS 6.5 MEDIUMEPSS 0.9%CWE-88
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.5EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
19 sep 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile() API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P
Productos afectados
n/a · blamer

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://gist.github.com/lirantal/14c3686370a86461f555d3f0703e02f9https://github.com/kucherenko/blamer/commit/0965877f115753371a2570f10a63c455d2b2cde3https://security.snyk.io/vuln/SNYK-JS-BLAMER-5731318